Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xNR2TH7qOvL89YUzm8tC_DyVzRM.roa
File:                     xNR2TH7qOvL89YUzm8tC_DyVzRM.roa (raw, json)
Hash identifier:          zc7P10O5xpRwbPH+qYrp3N03fh3LNeueq58VSoil/R8=
Subject key identifier:   C4:D4:76:4C:7E:EA:3A:F2:FC:F5:85:33:9B:CB:42:FC:3C:95:CD:13
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       01999264CA147DCE0335558F1082D15B90B8
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xNR2TH7qOvL89YUzm8tC_DyVzRM.roa
Signing time:             Sun 28 Sep 2025 22:15:02 +0000
ROA not before:           Sun 28 Sep 2025 22:15:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        158.94.220.0/24 maxlen: 24
                          2a01:fb03::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:92:64:ca:14:7d:ce:03:35:55:8f:10:82:d1:5b:90:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Sep 28 22:15:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4d4764c7eea3af2fcf585339bcb42fc3c95cd13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:33:e1:b2:75:05:f2:93:2b:d9:ae:48:9f:6d:
                    18:83:34:96:c3:4e:a9:72:53:77:d5:a9:bf:d6:c8:
                    40:02:35:f6:d9:10:70:5c:a4:dc:a2:0d:b2:b5:c7:
                    ed:f6:25:5e:f3:e5:35:0f:74:21:a0:9d:e7:7e:bf:
                    36:af:3d:35:1c:3c:80:03:b9:9a:68:53:f9:12:2d:
                    4e:81:e7:59:72:63:06:c7:d6:78:5e:9e:27:11:3c:
                    47:50:c8:b2:c5:41:bd:ef:d5:89:0f:ee:3a:3a:79:
                    b9:74:08:04:66:f7:a7:37:46:9a:11:33:d7:4c:9a:
                    96:71:0b:7f:ec:0b:c0:7f:25:25:52:77:5a:62:76:
                    09:4d:6a:64:00:a5:cf:de:e4:b0:6d:9f:35:1f:5d:
                    13:08:d0:da:e7:95:63:60:2d:a2:1a:65:01:0b:99:
                    80:2e:92:eb:30:e8:22:2c:d5:30:3c:b5:cb:05:bd:
                    13:1c:f0:b8:87:bb:12:6c:1a:9e:17:b1:e9:6f:62:
                    ff:71:71:76:97:db:e6:da:24:3f:28:9c:e8:73:9b:
                    b6:5b:80:3d:71:63:c0:b8:54:dc:bc:75:0f:02:d6:
                    64:9a:de:07:93:35:81:fd:58:2d:2a:af:61:e9:96:
                    b3:26:81:30:a8:b0:a0:24:97:13:83:f8:0d:33:01:
                    08:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D4:76:4C:7E:EA:3A:F2:FC:F5:85:33:9B:CB:42:FC:3C:95:CD:13
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xNR2TH7qOvL89YUzm8tC_DyVzRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.220.0/24
                IPv6:
                  2a01:fb03::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:8a:dc:7b:e2:ac:8b:27:ea:ed:4f:30:28:ba:72:ee:90:13:
         31:f4:a9:e1:19:92:66:f6:8c:7e:44:3a:f2:f1:82:f4:0d:37:
         12:fa:23:91:6a:63:c6:3d:00:01:74:3b:2a:1c:d5:0c:be:64:
         c3:30:af:34:12:3c:ea:85:22:68:97:03:bd:c5:6e:98:ba:de:
         f9:d4:24:18:34:ef:30:5c:cd:0e:a8:03:e7:49:a2:e6:2b:7b:
         e7:65:79:a7:32:c4:63:b8:2b:5f:3c:43:93:da:4f:07:cf:8c:
         55:9f:77:53:8b:a0:e4:b1:d9:14:f7:ad:b7:e6:10:47:71:68:
         ba:d7:98:34:86:d9:f6:92:68:1d:01:6a:b3:1c:dd:f4:d0:28:
         83:01:59:a5:52:8c:8a:7e:b6:ce:dc:97:c3:d4:5a:46:e9:46:
         63:70:7a:89:92:45:7c:1c:2e:b8:a4:f3:14:e7:d6:6d:5a:26:
         3b:8a:1f:c9:69:2f:d8:df:fb:d8:45:aa:58:40:01:53:15:9c:
         97:6f:d7:13:d6:08:3d:cc:24:54:22:26:9c:7e:9b:4f:38:25:
         cd:d5:69:6a:a6:e4:0f:23:24:53:6c:53:20:74:10:fd:1f:4f:
         57:36:7a:9b:ec:31:c8:ce:af:31:5f:8c:e9:62:ea:29:66:42:
         5e:2b:ff:6e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmSZMoUfc4DNVWPEILRW5C4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUwOTI4MjIxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ0NzY0YzdlZWEzYWYyZmNmNTg1MzM5YmNiNDJmYzNjOTVjZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zPhsnUF8pMr2a5In20YgzSWw06p
clN31am/1shAAjX22RBwXKTcog2ytcft9iVe8+U1D3QhoJ3nfr82rz01HDyAA7ma
aFP5Ei1OgedZcmMGx9Z4Xp4nETxHUMiyxUG979WJD+46Onm5dAgEZvenN0aaETPX
TJqWcQt/7AvAfyUlUndaYnYJTWpkAKXP3uSwbZ81H10TCNDa55VjYC2iGmUBC5mA
LpLrMOgiLNUwPLXLBb0THPC4h7sSbBqeF7Hpb2L/cXF2l9vm2iQ/KJzoc5u2W4A9
cWPAuFTcvHUPAtZkmt4HkzWB/VgtKq9h6ZazJoEwqLCgJJcTg/gNMwEILQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMTUdkx+6jry/PWFM5vLQvw8lc0TMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEveE5SMlRIN3FPdkw4OVlVem04dENfRHlWelJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAnl7cMA0E
AgACMAcDBQAqAfsDMA0GCSqGSIb3DQEBCwUAA4IBAQBwitx74qyLJ+rtTzAounLu
kBMx9KnhGZJm9ox+RDry8YL0DTcS+iORamPGPQABdDsqHNUMvmTDMK80EjzqhSJo
lwO9xW6Yut751CQYNO8wXM0OqAPnSaLmK3vnZXmnMsRjuCtfPEOT2k8Hz4xVn3dT
i6DksdkU96235hBHcWi615g0htn2kmgdAWqzHN300CiDAVmlUoyKfrbO3JfD1FpG
6UZjcHqJkkV8HC64pPMU59ZtWiY7ih/JaS/Y3/vYRapYQAFTFZyXb9cT1gg9zCRU
IiacfptPOCXN1WlqpuQPIyRTbFMgdBD9H09XNnqb7DHIzq8xX4zpYuopZkJeK/9u
-----END CERTIFICATE-----